Analysis
- max time kernel: 6s
- max time network: 1s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 21/05/2024, 17:58
Behavioral task: behavioral1
- Sample: iis_Stubid_paid (1).exe
- Resource: win7-20240215-en
General
- Target: iis_Stubid_paid (1).exe
- Size: 16.2MB
- MD5: b0390b2488b4f2fe71ff9badd4d5219a
- SHA1: 50bb096b3b565316f3764af232d6c4604102708c
- SHA256: a0e3177a4bd9def7cae2c3dd62a40f3cb6cfaa18296b08a452bd5264f513fa04
- SHA512: 012096e33398973b691d820d0696c3ebdd2ecd3d6534cae29dd3ac632d97dacc38f10ba30aa8637a7426dea3a8c8480680215e28185ae15950c6497085ef0e3c
- SSDEEP: 393216:Bo9DM45CD55L1V8dkurEUWj+rPEyDwREGPKkFbuK+:W9N+XRndbmMyDwR4k8K+
Malware Config
Signatures
- Loads dropped DLL (2 IoCs)
  pid | Process
  2640 | iis_Stubid_paid (1).exe
  2640 | iis_Stubid_paid (1).exe

  resource | yara_rule
  behavioral1/files/0x000500000001a4c8-108.dat | upx
  behavioral1/memory/2640-110-0x000007FEF5F80000-0x000007FEF6645000-memory.dmp | upx

- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1972 wrote to memory of 2640 | 1972 | iis_Stubid_paid (1).exe | 28
  PID 1972 wrote to memory of 2640 | 1972 | iis_Stubid_paid (1).exe | 28
  PID 1972 wrote to memory of 2640 | 1972 | iis_Stubid_paid (1).exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe"
  PID: 1972
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe (child of PID 1972)
    Command line: "C:\Users\Admin\AppData\Local\Temp\iis_Stubid_paid (1).exe"
    PID: 2640
    Signatures: Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- File 1
  - Filesize: 1.7MB
  - MD5: fb8bedf8440eb432c9f3587b8114abc0
  - SHA1: 136bb4dd38a7f6cb3e2613910607131c97674f7c
  - SHA256: cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6
  - SHA512: b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63
- File 2
  - Filesize: 1021KB
  - MD5: 69b307d27ae7c40392481d67a4f9ba50
  - SHA1: d99919d236475ea4b3f63aa035577334e2b50372
  - SHA256: a7b514013b5786bdfb345c220a0a3e2ac3e5de4af21eacfa48a9fbb4e1370a02
  - SHA512: ce47748a792aa1e8b5eabfa185f11fc5808078c8e922d0946f6db06c4526eb39f3cd1b9836c938bd6e358a22c9207e888838af13f4ad81817589a5e175a76213